Do you consider security when designing your query string parameters for a website?

If you have a page named 'test' on a website that contains the following code:

[ASP.NET]

// read the raw "cid" query-string value, unvalidated
sCid = Request.QueryString["cid"] as string;

// concatenate it straight into the SQL text
sQry = "SELECT * FROM [MyTable] WHERE id=" + sCid + " ORDER BY id";

or [PHP]

// read the raw "cid" query-string value, unvalidated
$cid = $_GET["cid"];

// concatenate it straight into the SQL text
$qry = 'SELECT * FROM [MyTable] WHERE id=' . $cid . ' ORDER BY id';


What do you think will be the result of executing the query if I passed in the URL:

/test?cid=1 UNION SELECT NULL FROM INFORMATION_SCHEMA.TABLES

Question added by Deleted User
Date published: 2017/04/18
Answer by Ahmad El-Agawy, Senior SharePoint Developer, Ministry Of Islamic Affairs, Endowments, Dawah and Guidance

The mentioned logic is far away from security, because of the SQL injection possibility you referred to. So my advice is to never use concatenation in SQL queries, e.g. "select * from table where id =" + idVar;, because it's so easy to pass in another, injected SQL query. Instead you need to use body variables / stored procedures, e.g. "select * from table where id = @id", after you set the value of the @id parameter.
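The following is an added example, not code from the question or the answer above, that runs both shapes of the query against a throwaway database so the effect of the UNION payload can be seen. It uses Python's sqlite3 as a stand-in for the SQL Server / PHP setups in the question: the constructed table MyTable replaces [MyTable], sqlite_master stands in for INFORMATION_SCHEMA.TABLES (SQLite has no INFORMATION_SCHEMA), and the bind variable is spelled :id where T-SQL would use @id. It also goes one step beyond the question's payload: the one-NULL payload from the question fails SQLite's column-count check, and a second payload with the matching number of columns shows what the attacker gets once that check is passed.

```python
import sqlite3

# The exact payload from the question, with sqlite_master in place of
# INFORMATION_SCHEMA.TABLES. One column, so it will not match a two-column table.
PAYLOAD_ONE_COL = "1 UNION SELECT NULL FROM sqlite_master"

# Same attack after the column count has been matched: enumerates every table.
PAYLOAD_TWO_COLS = "1 UNION SELECT name, type FROM sqlite_master"


def make_db():
    """Constructed sample schema: a two-column MyTable plus a second table the
    attacker is not supposed to see. Hypothetical data, in-memory only."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE MyTable (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO MyTable VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    con.execute("CREATE TABLE Secrets (id INTEGER, token TEXT)")
    con.execute("INSERT INTO Secrets VALUES (1, 's3cr3t')")
    con.commit()
    return con


def query_concat(con, cid):
    """Vulnerable form: the query-string value is pasted into the SQL text,
    exactly as in the ASP.NET and PHP snippets in the question."""
    qry = "SELECT * FROM MyTable WHERE id=" + cid + " ORDER BY id"
    return con.execute(qry).fetchall()


def run_concat(con, cid):
    """Run the vulnerable form and return either the rows or the database
    error text, so the column-count probing step can be observed."""
    try:
        return query_concat(con, cid)
    except sqlite3.OperationalError as exc:
        return str(exc)


def query_param(con, cid):
    """Hardened form: a bind variable (:id here, @id in T-SQL). The value is
    sent separately from the SQL text, so it can never change the statement."""
    qry = "SELECT * FROM MyTable WHERE id=:id ORDER BY id"
    return con.execute(qry, {"id": cid}).fetchall()


if __name__ == "__main__":
    con = make_db()
    print("legit cid=1, concat :", query_concat(con, "1"))
    print("legit cid=1, param  :", query_param(con, "1"))
    print("question's payload  :", run_concat(con, PAYLOAD_ONE_COL))
    print("two-column payload  :", run_concat(con, PAYLOAD_TWO_COLS))
    print("same payload, param :", query_param(con, PAYLOAD_TWO_COLS))
```

With the concatenated query, the question's payload produces a database error about mismatched column counts; that error is itself the signal an attacker uses to adjust the number of columns, after which the UNION returns every table name alongside the legitimate row. The parameterised query treats the whole payload as a single value to compare against id, finds no match, and returns nothing.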
